Problem uploading PFX cert to Azure Automation account (now password prompt)

Regular Contributor

Wondering if anyone knows the secret solution for this:  In Azure Portal, while under an Automation Account > Certificates > Add a certificate, I can successfully browse to and upload my PFX certificate, but there is nowhere for me to enter its password.

Screenshot of Azure Portal with no box for the passwordScreenshot of Azure Portal with no box for the password

I've tried the Edge browser (modern one), then tried IE, where I chose to download the new preview Azure Portal app, and the behavior is the same in there.  It's as though this is a broken thing and there is no mention of it on the internet...  Surely I'm not the only one trying to upload PFX certs into an Azure Automation account.  Hopefully somebody knows a solution?

2 Replies
best response confirmed by Jeremy Bradshaw (Regular Contributor)

@Jeremy Bradshaw 


AFAIK, there isn't any issue with the Certificate upload UI in Azure Automation. Once you select a valid PFX file, the UI adds automatically two fields, being one them the password field, as you can see by the screenshot below. Are you sure the PFX was correctly generated? See below a sample PowerShell that generates a valid PFX.


$Cert = New-SelfSignedCertificate -DnsName "CertificateName" -CertStoreLocation cert:\LocalMachine\My -KeyExportPolicy Exportable -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" -NotAfter (Get-Date).AddMonths(12) -HashAlgorithm SHA256

$CertPassword = ConvertTo-SecureString $PfxCertPlainPassword -AsPlainText -Force
Export-PfxCertificate -Cert ("Cert:\localmachine\my\" + $Cert.Thumbprint) -FilePath $certPath -Password $CertPassword -Force | Write-Verbose 


Captura de ecrã 2020-09-13 180325.jpg


@hspinto Thanks for your help.  I am unable to reproduce my issue today using the same exact steps as last time.  The best I can think of is that my PFX password had an invalid character as I've seen a few posts on Stack Overflow about that issue.  I thought for sure I tested with a very basic password.


After I tested successfully using a PFX generated using your code, I got to comparing my code and then the two generated certs, both essentially identical.  If you'd like to spot my code, it is the last/3rd function in this module within my GitHub PowerShell repo:


One thing I'm going to do is take away my Subject parameter and replace it with a validation-backed DnsName parameter.  That's because I have a feeling maybe the subject was part of the issue, so I'll just let that generate based on my supplying the DnsName parameter instead.